Overview

overview

10

Static

static

10

a65dc9cbe7...ba.exe

windows7-x64

10

a65dc9cbe7...ba.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    008d9913e8ce8bb934b93c559a2e32fa.bin

  • Size

    2.6MB

  • MD5

    33d9b1a7653cba44df600dc6e43e81fc

  • SHA1

    e80026da5fad48dae73402afbe170bd9ab4c0adf

  • SHA256

    72314ab54f1d53464f1f5aadb50448dae3a241a6e40ca4bd1b5bfa32e2b75b4d

  • SHA512

    e5dbe39eac0474cbc8e2a5399f3820792bbbd0ad3a7787d4254aac5b9fc7f26a0b383ca8d0875510f67f49ea50b219da73924ebf0c925004bf49f0966b9fbd3b

  • SSDEEP

    49152:ytXCpHmRo8kfp/effEmrXHFW35SHwbErdOvlfdG1w+RS6mv/74htCFx7O:Nm+d6coceSEpyBdG1Do6mv/MtCv7O

Score
10/10
zgrat

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • Zgrat family
    zgrat
  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 008d9913e8ce8bb934b93c559a2e32fa.bin
    .zip

    Password: infected

  • a65dc9cbe71f0efde3fd50729cf5576bfb4c870329eed8f90dcd0fc1b9aa97ba.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections